PT-2019-1695 · Artifex+5 · Ghostscript+5

Cedric Buissart

Publicado

2019-02-14

Atualizado

2024-06-15

CVE-2019-3835

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ghostscript versions prior to 9.27

Description The issue is related to the superexec operator being available in the internal dictionary in Ghostscript, which could allow a specially crafted PostScript file to access the file system outside of the constraints imposed by -dSAFER. This flaw is associated with insecure privilege management, potentially enabling a remote attacker to elevate their privileges.

Recommendations For Ghostscript versions prior to 9.27, update to version 9.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the superexec operator in the internal dictionary until a patch is available.

Correção

Missing Authorization

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-648CWE-269

Identificadores relacionados

ALT-PU-2019-1913

ALT-PU-2019-1917

BDU:2019-01299

CESA-2019_0633

CESA-2019_0971

CVE-2019-3835

DLA-1761-1

DSA-4432-1

MGASA-2019-0130

OPENSUSE-SU-2019:2222-1

OPENSUSE-SU-2019:2223-1

OPENSUSE-SU-2019_2222-1

OPENSUSE-SU-2019_2223-1

OPENSUSE-SU-2024:10783-1

RHSA-2019:0633

RHSA-2019:0971

RHSA-2019_0633

RHSA-2019_0971

SUSE-SU-2019:2460-1

SUSE-SU-2019:2478-1

USN-3915-1

Produtos afetados

Alt Linux

Centos

Ghostscript

Red Hat

Suse

Ubuntu

PT-2019-1695 · Artifex+5 · Ghostscript+5

CVE-2019-3835

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 149